How to password protect (NOT encrypt) a portable HDD
March 17, 2016 2:05 PM

I know there are a lot of good programs that will allow you to encrypt part or even all of the files/folders on a portable HDD. I am looking for a simple way to password protect the whole HDD so that if it is attached to any computer, a password is needed to access it. I know that is not as 'good' as encryption, but that is all I need. TIA.
posted by toucano to Computers & Internet (18 answers total) 1 user marked this as a favorite
 
>I am looking for a simple way to password protect the whole HDD so that if it is attached to any computer, a password is needed to access it.

With or without encryption, what you're asking for is pretty much impossible without some kind of intervention at the hardware layer between the disk and whatever interface you'll use to connect it to a computer.

There are a handful of such harddrive enclosures that exist, but I'm not familiar with any particular one offhand.
posted by BrandonW at 2:08 PM on March 17, 2016


If the files/folders on the disk are not encrypted in any form - they are unmodified in their original format - then they are readable by any computer attached to that disk drive.

By definition if you make a change to those files/folders such that they are not readable by any computer attached to the drive, that's a form of encryption (it may or may not be a good one.)

What you ask for isn't possible. What you want is actually encryption.

(Hardware-based systems in enclosures that interface between the disk and the computer will typically also use encryption internally.)
posted by Ashlyth at 2:21 PM on March 17, 2016 [1 favorite]


So it turns out some(?) drives support a boot password via the ATA spec:
http://www.howtogeek.com/186881/hard-disk-passwords-explained-should-you-set-one-to-secure-your-files/

Looks like some drives are better than others at keeping this password secret, and it only checks on power-up, not resume from sleep or lock. So it's not super secure anyway.

But, if you want to use this drive over USB, it looks like you are out of luck because the USB<>ATA spec doesn't include the entire ATA spec, and security is not included.
https://forums.lenovo.com/t5/ThinkPad-T400-T500-and-newer-T/Can-I-place-a-password-protected-drive-in-an-USB-external/ta-p/692335
(I couldn't find a better source, but many places repeat this)

It's possible you could do this via an eSATA drive, but it looks unlikely over USB.


posted by stobor at 2:28 PM on March 17, 2016


Assuming Windows, here is a bad solution that might meet your requirements.

Or kludge using zip files.

But really, again assuming Windows, Bitlocker is really the way to go.

If you could be more specific about what you're trying to prevent, maybe there's something else that would work, but from what you've said so far I don't think there is anything that matches your stated needs.

It's still encrypting, but is this close enough?
posted by Candleman at 2:49 PM on March 17, 2016


> I am looking for a simple way to password protect the whole HDD so that if it is attached to any computer, a password is needed to access it.

Hard drives are dumb, it's the computer that makes the decisions about permissions and access control. That means when we're using my computer, I get to decide what I'm allowed to read. You do not, even if the hard drive used to belong to you.

The only way to reliably prevent folks on other computers from reading stuff on your drive is to encrypt the stuff. Any alternative basically amounts to hanging a sign saying "please do not steal" on an unlocked bike. The good news is that locks (encryption tools) are free and relatively easy to use. Pretty much any suggestion here is fine: passworded zip files, bitlocker, etc.
posted by aubilenon at 3:38 PM on March 17, 2016 [2 favorites]


> Pretty much any suggestion here is fine: passworded zip files, bitlocker, etc.

Depending on the threat model and implementation, this might not be true; consider the scenario where the program that creates the encrypted zip file does not properly wipe the unencrypted originals and the adversary runs Recuva or some other "undelete" software on the drive.

The easier, safer and most cross-platform compatible solution to the "supply a password to permit access to a whole HDD" question is to encrypt the whole HDD with TrueCrypt and use the FAT filesystem for the encrypted partition.
If cross-platform compatibility isn't necessary, then use the native full-disk encryption tool of the respective OS (bitlocker for Win, LUKS for Linux, etc).
posted by Bangaioh at 3:58 PM on March 17, 2016 [1 favorite]


It would be helpful to know why you don't want to encrypt the drive, both because any non-encryption solution is going to be inherently more work for less security, and because your description of how you want it to work (requiring a password to access files on the drive) sounds pretty much like how any decent, semi-modern encryption tool is going to work. It sounds like you either have an incorrect idea about how difficult encryption is to use, or you have some very specific and unusual use case in mind that probably has more tricky parameters than just "can't use encryption."
posted by firechicago at 4:05 PM on March 17, 2016 [1 favorite]


Seconding that Bitlocker is the lowest-effort way of doing this sort of thing on Windows; you just set it up with the password you want on the drive, and Windows prompts you for it whenever you connect it to another computer. Unfortunately, if you don't have Windows 7 Ultimate or Enterprise, or Windows 8/8.1/10 Pro or Enterprise, you won't be able to create a new Bitlocker-protected drive (although you can still read Bitlocker-To-Go protected drives on non Pro/Enterprise versions of Windows). Whether or not you feel it's worth doing the upgrade to Pro is up to you, and this is obviously not a good solution if you require access to the drive on OSX or Linux.

I don't believe you'll be able to find an option for password-protecting an existing drive that doesn't also encrypt the drive, though. Theoretically you might be able to format the drive with NTFS (again, assuming Windows-only) and then put a folder on there that belongs to another user and then log in as that user whenever you want to access the drive, but that sounds like a pain in the neck to work with.
posted by Aleyn at 4:49 PM on March 17, 2016 [1 favorite]


Joining the impossible train here.
posted by Sonic_Molson at 5:32 PM on March 17, 2016


As many have said, encryption is actually what you're after.

You don't specify your operating system, which probably means you're running Windows. The simplest solution would be to use Bitlocker. Be aware that your Bitlocker-encrypted drive will not be readable by computers running something other than Windows, such as MacOS or Linux, at least not easily. But if by "all computers" you mean "all Windows computers", then Bitlocker seems the way to go.

Disclaimer: I've never used Bitlocker and cannot vouch for its quality.
posted by pguertin at 9:26 PM on March 17, 2016


> I am looking for a simple way to password protect the whole HDD so that if it is attached to any computer, a password is needed to access it.

Stick it in a Zalman ZM-VE400 or iodd 2541 enclosure. Then it is "as good as" encryption, because it is encryption. The enclosure itself has a keypad you use to enter your chosen password, after doing which the enclosure+drive assembly presents itself over USB as a normal, non-encrypted drive until it's powered down again.

As with any whole-drive encryption method, you really really want to make sure you have a good backup strategy in place, because data can be lost not only due to drive failure but to key loss as well. Both the enclosures I linked there allow you to protect your data with fairly short passwords, which means that the only reasonable way to make the encryption strong is to "stretch" that password into an effectively uncrackable key with the help of a unique-per-enclosure randomly-selected hardware ID. If that's what they've done, then if your enclosure goes belly-up, you won't be able to recover your data by transplanting the enclosed drive into a second enclosure and using the same password.
posted by flabdablet at 1:31 AM on March 18, 2016 [2 favorites]


Actually, scratch that last part. It seems that at least as of last year, Zalman is not really serious about strong crypto. So if you get one of those enclosures (I believe iodd and Zalman offer the same products with different branding) use the longest PIN it lets you create.
posted by flabdablet at 1:52 AM on March 18, 2016
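
Added example, not part of any post in this thread and not the Zalman/iodd firmware (whose actual scheme the thread does not describe): a sketch of the PIN-stretching design flabdablet outlines, showing why the same PIN fails once the drive is moved to a second enclosure and how the PIN search space grows with length. PBKDF2, the iteration count, the key-check tag and the enclosure IDs are all assumptions made for the illustration.

```python
import hashlib
import hmac

ITERATIONS = 200_000  # assumed work factor, not taken from any real enclosure

# Constructed sample IDs; a real enclosure would hold a random ID in its own hardware.
ENCLOSURE_A_ID = bytes.fromhex("a3f1c2d4e5b60718293a4b5c6d7e8f90")
ENCLOSURE_B_ID = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def derive_key(pin: str, hardware_id: bytes) -> bytes:
    """Stretch a short PIN into a 256-bit key, salted with the enclosure ID."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), hardware_id, ITERATIONS, dklen=32)


def key_check(key: bytes) -> bytes:
    """Short tag kept on the drive so a wrong key is rejected, not used."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def unlock(pin: str, hardware_id: bytes, stored_check: bytes):
    """Return the disk key if PIN and enclosure ID reproduce it, else None."""
    key = derive_key(pin, hardware_id)
    return key if hmac.compare_digest(key_check(key), stored_check) else None


def pin_candidates(max_len: int, min_len: int = 4) -> int:
    """Number of numeric PINs between min_len and max_len digits."""
    return sum(10 ** n for n in range(min_len, max_len + 1))


if __name__ == "__main__":
    pin = "4821"  # constructed sample PIN
    stored = key_check(derive_key(pin, ENCLOSURE_A_ID))  # written at setup time

    print("original enclosure:", unlock(pin, ENCLOSURE_A_ID, stored) is not None)
    print("wrong PIN:         ", unlock("4822", ENCLOSURE_A_ID, stored) is not None)
    # Same drive, same PIN, replacement enclosure: the key cannot be rebuilt.
    print("transplanted drive:", unlock(pin, ENCLOSURE_B_ID, stored) is not None)
    # Why PIN length matters if the stretching turns out to be weak.
    print("4-digit PINs:", pin_candidates(4), " 4-8 digit PINs:", pin_candidates(8))
```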


I don't know enough about the technology options to offer a precise solution, but if I understand you correctly, you want to have a password prompt pop up when somebody tries to access a file on the drive, right? If all you care about is the password prompt, does it really matter what happens behind the scenes to get that prompt to pop up and check if the typed password is correct?
posted by emelenjr at 3:56 AM on March 18, 2016


> But if by "all computers" you mean "all Windows computers", then Bitlocker seems the way to go.

Not available for Windows XP or earlier. Echoing what others have said, without knowing more details about the intended use it's impossible to give precise advice.
posted by Bangaioh at 4:14 AM on March 18, 2016


XP should not be being used by someone asking this question, full stop. It's long enough out of its patch cycle that only experts should still have it running.
posted by Candleman at 8:31 AM on March 18, 2016


IBM (now Lenovo) made drives like this. I would check the recommendations above. But encryption may actually be a simpler route as it is well supported (to the point of being No Big Deal At All) in OS X, and possibly other operating systems. As in you don't need to install separate software and it's just a check box.
posted by zippy at 10:59 AM on March 18, 2016


Here's how to do it on the Mac (in case that's what the asker wants).

As previous answerers have mentioned, not letting a computer read a drive without its password is, for all intents and purposes, exactly what encryption is. If there's a more specific requirement/rationale here, then we may need to know more about that so it can be addressed. Cheers!
posted by churl at 2:40 PM on March 18, 2016 [2 favorites]


It also occurs to me from how you've phrased the question; your hesitation re: encryption may be that you don't want to be stuck individually encrypting/decrypting files as you need them. Perfectly natural! That would suck quite a lot. What you want is "whole-disk" encryption, which my Mac example and most above examples offer. I.e., you type a password once and the whole drive is laid bare to use just like normal, until it's disconnected.
posted by churl at 2:51 PM on March 18, 2016 [1 favorite]

